How to add host to existing rule via ansible
Hey Guys,
I'm starting with Check Point automatization with Ansible, and I'm facing the following issue.
The API command for adding a host (source/destination) is source.add.
I tried it from mgmt_cli and it worked fine:
[Expert@checkpoint:0]# mgmt_cli set access-rule layer "Network" rule-number 2 source.add test
Username: guoth
Password:
---------------------------------------------
Time: [10:38:57] 25/1/2019
---------------------------------------------
"Publish operation" succeeded (100%)
[Expert@checkpoint:0]#
However, when I put the command source.add in Ansible, it comes back with an error that source.add is not a valid parameter:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Command 'set-access-rule {u'layer': u'Network', u'source.add': u'source3', u'rule-position': 2}' failed with error message: Unrecognized parameter [source.add]. All changes are discarded and the session is invalidated."}
My task in Ansible:
- name: adding host
  check_point_mgmt:
    command: set-access-rule
    parameters:
      rule-position: 2
      layer: Network
      source.add: source3
    session-data: "{{ login_response }}"
Thank you for your help in advance!
Not sure how Ansible works, but source can be an object {}, a list [], or a string "".
In mgmt_cli we deal with objects like the one you already found, source.add test, which in JSON would be {"source": {"add": "test"}}. Need to understand the Ansible interpretation of the same.
Thank you Joshua, it worked like:
source: {"add": "source3"}
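The difference between the two forms in this thread, as an added example that is not part of the original posts: mgmt_cli expands a dotted key such as source.add into a nested object, while the JSON sent by the Ansible task carries the key literally, so the API rejects it. The helper name `expand_dotted` is hypothetical, and the handling of numbered suffixes (for example `source.add.1`) goes beyond the thread and assumes mgmt_cli's numbered list notation.

```python
import json


def _collapse(node):
    """Turn {"1": a, "2": b} dicts (numbered suffixes) into ordered lists."""
    if not isinstance(node, dict):
        return node
    node = {k: _collapse(v) for k, v in node.items()}
    if node and all(k.isdigit() for k in node):
        return [node[k] for k in sorted(node, key=int)]
    return node


def expand_dotted(params):
    """Expand mgmt_cli-style dotted keys into a nested JSON-ready dict."""
    out = {}
    for key, value in params.items():
        *parents, leaf = key.split(".")
        node = out
        for part in parents:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"{key!r} collides with a scalar at {part!r}")
        if leaf in node:
            raise ValueError(f"{key!r} collides with an existing key")
        node[leaf] = value
    return _collapse(out)


if __name__ == "__main__":
    # Constructed input: the parameters from the failing task in the thread.
    failing = {"rule-position": 2, "layer": "Network", "source.add": "source3"}
    print(json.dumps(expand_dotted(failing), indent=2))
```

The collision checks matter when a playbook mixes both styles for the same field (`source` and `source.add`), which would otherwise silently drop one of the values.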
